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Application No. 

09/187,700 



Examiner 

Douglas J. Meislahn 



Appiicant(s) 

KOBAYASHI ETAL 



Art Unit 

2132 



-- The MAILING DATE of this communication appears on the cover sheet with the correspondence address 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 . 1 36(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent temn adjustment. See 37 CFR 1.704(b). 

Status 

1 )K Responsive to communication(s) filed on 08 April 2003 . 
2a)S This action is FINAL. 2b)n This action is non-final. 

3) 0 Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 
Disposition of Claims 

4) ^ Claim(s) 1-19 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) n Claim(s) is/are allowed. 

6) ^ Claim{s) 1-19 is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) 0 The specification Is objected to by the Examiner. 

10)0 The drawing(s) filed on is/are: a)n accepted or bjD objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
1 1 )□ The proposed drawing correction filed on is: 3)0 approved b)n disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) 0 The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§119 and 120 

13) n Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 

a)nAII b)n Some*c)n None of: 

1 .□ Certified copies of the priority documents have been received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. n Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) 0 Acl^nowledgment is made of a claim for domestic priority under 35 U.S.C. § 119(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

1 5) 0 Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 1 20 and/or 121. 
Attachment(s) 

1 ) CD Notice of References Cited (PTO-892) 4) Q Inten/iew Summary (PTO-41 3) Paper No(s). 



2) n Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) d Notice of Informal Patent Application (PTO-152) 

3) □ Infonnation Disclosure Statement(s) (PTO-1449) Paper No(s) . 6) Q Other: 



U.S. Patent and Trademark Office 
PTO-326 (Rev. 04-01) 



Office Action Summary 



Part of Paper No. 20 
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DETAILED ACTION 



Response to Amendment 



1 . This action is in response to the amendment filed 08 April 2003 that amended 
claims 1,7,8, 15, 18, and 1 9. 



2. Applicant's arguments filed 08 April 2003 have been fully considered but they are 
not persuasive. With respect to the 101 rejection, data on a disk is non-statutory unless 
it causes a computer to perform specified actions. 

3. Applicant argues that Ganesan does not teach a random encryption key, noting 
that Ganesan's system encrypts a symmetric crypto-key (which is assumed to be 
random) with a public key (which is not random). This logic has two flaws: first, 
encrypting a random number, such as the symmetric crypto-key, with a public key will 
still yield a random number; second, the symmetric crypto-key in Ganesan is used in its 
unencrypted form to encrypt data, as shown in the abstract, and this is precisely how 
applicant is using the random key. All symmetric keys are assumed to be random 
because their security rests in their being unpredictable. If they are not random, they 
are predictable and thus untrustworthy and impractical. 

The applicant's opinion that Kaufman does not teach random keys is incorrect 
because hashes of data produce pseudo-random results, which read on random 
numbers. 

Applicant's statements that the references cannot render obvious the claims 
because they are directed to other systems are unpersuasive because applicant does 



Response to Arguments 




Application/Control Number: 09/187.700 Page 3 

Art Unit: 2132 

not cite claim language that the references fail to teach. Furthermore, the protected 
data in Ganesan is clearly stored on a computer-readable medium, as in applicant's 
claims. 

In response to applicant's argument that there is no suggestion to combine the 
references, the examiner recognizes that obviousness can only be established by 
combining or modifying the teachings of the prior art to produce the claimed invention 
where there is some teaching, suggestion, or motivation to do so found either in the 
references themselves or in the knowledge generally available to one of ordinary skill in 
the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988)and In re 
Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, Kaufman's 
conservation of processing power (using an XOR operation instead of a public-key type) 
would motivate a person of ordinary skill in the art to employ Kaufman's teaching in 
Ganesan. 

Applicant's commentary that both Ganesan and Kaufman teach password 
encryption is not supported by Ganesan, which teaches using a public key, not a 
password, to encrypt a symmetric crypto-key. 

Generating a key for a storage area fails to convey that the key is tied specifically 
to that storage area, applicant argues to be a distinguishing characteristic of the claims. 
A key, used to encrypt data that is then stored in a data area, is "for" that storage area. 
The examiner suggests mandating that selection of an encryption key for data is based 
on the storage area to which the data, once encrypted, is to be stored. 




# 
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4. In response to applicant's argument that the references fail to show certain 
features of applicant's invention, it is noted that the features upon which applicant relies 
(i.e., symmetric keys assigned to storage areas prior to encryption) are not recited in the 
rejected claim(s). Although the claims are interpreted in light of the specification, 
limitations from the specification are not read into the claims. See In re Van Geuns, 988 
F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

Ganesan teaches different keys for different storage locations by virtue of 
different symmetric keys being used to encrypt different pieces of data, and these 
pieces of data being stored on different parts of a storage medium. 



5. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, nnachine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claim 15 is rejected under 35 U.S.C. 101 because the claimed invention is 
directed to non-statutory subject matter. The data on the storage medium in claim 15 
do not cause a computer to act in a specific fashion, and as such do not compose a 
data structure. 



6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



Claim Rejections - 35 USC § 101 



Claim Rejections - 35 USC § 103 
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7. Claims 1, 6-8, and 13-19 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Ganesan (5748735) in view of Kaufman (6178508). 

Ganesan*s fourth figure shows a symmetric key being generated in element 330. 
Subsequently, this key is encrypted. In element 390, the encrypted symmetric key and 
data encrypted with that symmetric key are stored. With the exception of the password 
stipulation, clause one is hereby rendered obvious. Clause two is anticipated by 
elements 390 and 380, Step 580 in figure 5 shows reading the encrypted symmetric 
key from a storage medium, meeting the limitations of the third clause. The next step, 
element 585, anticipates the non-password portion of clause four. Element 590 
anticipates clause five. 

In lines 27-31 of column 6, Ganesan stipulates that the encrypted file and 
encrypted key are stored on an associated memory device. This reads on generating a 
key for a storage area. As is apparent from the abstract, the intent of Ganesan is to 
provide storage for a multitude of files. The writing of the encrypted key to the memory 
device has already been described. 

Ganesan says that the symmetric key is encrypted with a private key, not a 
password, although there are some functional similarities between the two: both should 
be known only by the holder, and both are often used for authentication. There are also 
several differences, such as the former being used in a public key cryptosystem and the 
latter, when acting as a key, being used in a symmetric key cryptosystem, as shown by 
Kaufman in lines 14-24 of column 6. Another difference is that passwords can generally 
be easily remembered while private keys practically require storage on a computer 
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readable medium. Therefore it would have been obvious to a person of ordinary skill in 
the art at the time the invention was made to use a password as taught by Kaufman to 
encrypt the symmetric key in Ganesan. As is evident from Kaufman's exclusive-OR 
operation, this would conserve processing power. 

Claim 6 is covered by Kaufman's plurality of passwords and quorum needed to 
decrypt. See columns five and six. Repeated encryptions of a secret are well-known 
and thus claim 7 is anticipated. 

8. Claims 2 and 9 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ganesan and Kaufman as applied to claim 1 above, and further in view of Cruts et al. 
(4780905). 

Ganesan and Kaufman show a system in which a symmetric key is encrypted 
with a password and stored with data that the symmetric key has encrypted. The key 
and data are associated with the memory device in which they are stored. They do not 
say that the key is generated per the logic sector of the storage medium. In lines 46-48 
of column 2, Cruts et al. say that a decryption key is based on a formula that uses the 
disc address of data. In lines 24 and 25 above, they say that this saves the user from 
needing to know and remember the encryption key. This is not to say that the 
encryption key is deleted (see abstract). Therefore it would have been obvious to a 
person of ordinary skill in the art at the time the invention was made to associate the 
keys in Ganesan with the memory device on which they were to be stored by forming 
them according to an algorithm based on the address of the data, thereby saving the 
user from needing to remember the encryption keys. 
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9. Claims 3, 4. 10. and 11 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Ganesan and Kaufman as applied to claim 1 above, and further in 
view of Schneier {Applied Cryptography), 

Ganesan and Kaufman show a system in which a symmetric key is encrypted 
with a password and stored with data that the symmetric key has encrypted. The key 
and data are associated with the memory device in which they are stored. They do not 
say that new symmetric keys are generated each time data is written to a spot in the 
memory device. On pages 6 and7, Schneier mentions the ciphertext-only attack, which 
relies on knowledge of multiple ciphertexts encrypted with the same encryption key. 
One obvious response to this is to use keys but once, which, depending on the 
algorithm, can verge on a one-time pad, which is a perfectly secret algorithm. Therefore 
it would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to generate new keys, as suggested by Schneier, every time data 
is written to a memory device In Ganesan. 

Neither Kaufman nor Ganesan say that the symmetric key is made by combining 
a predetermined number of pieces of random data. On page 173, Schneier says that 
good keys are random-bit strings generated by an automatic process. One way to 
achieve this is to generate the key from a reliably random source. This source reads on 
applicant's predetermined number of pieces of random data. Therefore it would have 
been obvious to a person of ordinary skill in the art at the time the invention was made 
to generate the symmetric key in Kaufman using random pieces of data as taught by 
Schneier in order to have a "good" key. 
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10. Claim 5 and 12 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Ganesan and Kaufman as applied to claim 1 above, and further in view of Blakley, III et 
al. (5677952). 

Ganesan and Kaufman show a system in which a symmetric key is encrypted 
with a password and stored with data that the symmetric key has encrypted. The key 
and data are associated with the memory device in which they are stored. They do not 
present a system by which passwords are changed. In lines 6-25 of column 7, Blakley, 
III et al. show a method of changing a password that consists of decrypting data with the 
old. password and re-encrypting it with the new password. In Blakley, III et al., these two 
steps occur simultaneously. Therefore it would have been obvious to a person of 
ordinary skill in the art at the time the invention was made to change passwords in the 
system of Ganesan and Kaufman according to the method of Blakley, III et al,, thereby 
letting users update their passwords. 

Conclusion 

1 1 , This is a request for continued examination. All claims are drawn to the same 
invention claimed in the earlier application and could have been finally rejected on the 
grounds and art of record in the next Office action if they had been entered in the earlier 
application. Accordingly, THIS ACTION IS MADE FINAL even though it is a first action 
in this case. See MPEP § 706.07(b). Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
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TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no, however, event will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Douglas J. Meislahn whose telephone number is (703) 
305-1338. The examiner can normally be reached on between 9 AM and 6 PM, 
Monday through Thursday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on (703) 305-1830. The fax phone 
numbers for the organization where this application or proceeding is assigned are (703) 
746-7239 for regular communications and (703) 746-7238 for After Final 
communications. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (703) 305- 



3900. 




Douglas J. Meislahn 

Examiner 

Art Unit 2132 



June 15, 2003 



GILBERTO BARRON 
SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 




